Like I thought perhaps public libraries would have their computers managed and protected super well. ... whereas I thought perhaps the computers at a public library would have like super smart tech guys managing them against these types of programs. But maybe my logic is flawed?

How I wish it weren't, but sadly that is the complete opposite of the security model. Always consider any security questions as 'what is the risk, and to who?' Security is always about risk-management - since you can never be completely secure, it is a balance between risk and reward, get the balance right and you'll be secure enough but get it wrong and you're an attractive target. Consider the following example:

1) You're using a library computer and download credential-stealing malware by accident through an ad on a page you visit. The page you were looking at was a weather forecast for the next day, then you go to visit a news website (requiring no login). You finish you browsing session and leave the machine.

Q) What risk does this pose to you?
A) None. You didn't enter any personal details and therefore the malware stole none of your information.
Q) What risk does this pose to the library?
A) Some. Over time, they could build up a reputation for having badly infected machines and lose business.
Q) What risk does this pose the attacker?
A) None. It is unlikely that these machines are monitored/cleaned on a regular basis and the attacker could pick up credentials for a long time with no active oversight required, information just pops up at their server's front door in a steady stream from around the world. There is little chance of this person being identified and caught.

(now the important one)

Q) What risk does this pose the person who uses the computer after you?
A) Lots. They have no idea that you've inadvertently just infected that terminal, and whilst you weren't browsing safely (because you were only checking news/weather) the next person could be divulging a lot of personal information, on a very trusted website, with no idea that the damage has already been done.

Therefore, you have to assume that whenever you use a shared terminal in a public place that you are the second person in this scenario.

Obviously I am describing the average public terminal here, I imagine universities do have better security monitoring and cleaning processes for their terminals - however I doubt this is any more frequent than daily, by which time hundreds of users could have been at risk of the above scenario.

The best way to implement a public network (e.g. library) would be:

1) Use thin-client terminals (i.e. those with no hard-drive directly attached)
2) Use a well-secured central server which provides network (PXE) boot capability to the clients
3) When booting, thin-clients request an operating system image from the server
4) The image is provided as a stock installation of the chosen operating system
5) Every time a user logs-in, a virtualised environment (Virtual Machine) is provisioned and isolates that users activity from the physical terminal they're sitting at
6) When the user logs off, this session state could be saved under that user's account on the central server, or discarded for a fresh logon next time. This could be at the user's discretion (presuming they haven't finished what they wanted to do but wasn't ready to save a document to a shared network drive for later)
7) The next user who logs on has the choice of resuming a saved session or starting fresh

In this situation, the virtual machines are managed securely (and only need to be patch in one place, the central server) and the thin-clients are immune (mostly) from infection by the virtual machine.

Quote:

Originally Posted by jakeny

And let me recommend that you need to consider posting videos on YouTube or something LOL. Seriously. You might even be able to rake in some money from them if you get a lot of hits and get ads from people watching them (you just gotta make them helpful, interesting, and enticing to people).

As for the videos, not really my thing - but I am working on a website to cover this stuff, just taking a long time getting it done.
Glad to help though

It's not an open network, It's secured with WPA2 enterprise meaning with a login and we can use that but cannot access our network drives or printers from our device.

I think you're missing the meaning of "public". That means things like airports, restaurants and stores or anything else that doesn't require a password. In that case nothing here is safe. Even on secured networks, once someone is on and connected they can sniff out all the data.

Simply put, the only wifi/network I trust with any sensitive info is my own. I do nothing over public networks.

__________________
"as a fanboy i refuse to admit it and will pull countless things out of my butt to disprove it"

As for the videos, not really my thing - but I am working on a website to cover this stuff, just taking a long time getting it done.
Glad to help though

Let us know when it's up and done. I probably wouldn't even understand it, but it'd be neat to check out.

You could maybe even do like a weekly Q&A column, where readers pose questions and you choose one to answer each week. Although that would seemingly be even better for like YouTube. I've seen people make money just by posting lots of educational videos that get lots of hits on YouTube. I go there all the time to a place called Khan Academy for math tutorials in calculus.

...But if YouTube's not your thing, then it's not your thing. I just think you have a good "intuition" for what people are asking and also can explain things in a simple/non-technical, and helpful/relevant way (trust me, not all sites/people are like this...some go way over my head with the technical jargon). So those qualities can make for a good teacher/advice column kind of thing.

So, guys, now that you've scared me, lol, do you all even recommend EVER doing online shopping (even at a home computer)? I mean, what if your home computer had malware program and you didn't even know it? Assuming you took all the precautions, couldn't you still possibly be infected?

And, if so, is it just best to not ever do online shopping with credit card info.? Or ever do like online banking? I'm now kind of paranoid about this stuff. I used to buy things online, but haven't even thought of it after my recent attacks and reading all this stuff. Is it just best to altogether avoid ever entering private info. online?

Sign up for paypal, use that to pay for things. Use sites like Amazon/Ebay/Etc that are well known and reputable. Make sure you use a credit card company and discuss with them their policy on what happens if purchases are made using the card if you didn't make them.

We've had are card used twice, once for playstation games (I don't own a playstation) and the credit card company refunded us with one phone call and very little hassle. The other time, they reported to us that our card was likely stolen and sent us a new one with overnight shipping.

You gotta live your life man. Go online, shop, bank, etc just be protected and know where you've been and what you've done. Sheesh...

__________________
****************************************
Don't take life too seriously -- no one gets out alive. Plus, who wants to arrive to the hereafter in pristine condition wearing a suit and tie?
I want to slide in sideways, worn out, used up, hair a mess, clothes tattered, & screaming, "Whooo! What a ride!"
****************************************

You gotta live your life man. Go online, shop, bank, etc just be protected and know where you've been and what you've done. Sheesh...

Haha. It's like post-traumatic hack syndrome. lol.

I shall emotionally recover after a while. But, for now, I'm just learning all I can to protect myself and what is reasonable/unreasonable to do on a comp. I had to pay big bucks to get another computer and lost days worth of school work time. It was crazy annoying for me, so this was a lesson for me to learn from.

We've had are card used twice, once for playstation games (I don't own a playstation) and the credit card company refunded us with one phone call and very little hassle. The other time, they reported to us that our card was likely stolen and sent us a new one with overnight shipping.

Yeah, that's not too terrible, but it's those total identity theft stories that scare me. My mom's had her card lost/used before and they blocked it and issued her a new one from what I remember. But imagine if someone got all your info and like started a double-life with your stuff. That's the type of stuff that freaks me out.

Do you have your full address on facebook? Are you tweeting your phone number? Do you make regular youtube videos telling everyone your social security number? Do you include your bank account numbers in your reddit signature?

Just be smart. Use protection. And if things seem shady, run away. (this is good advice for more than just computer use )

__________________

__________________
****************************************
Don't take life too seriously -- no one gets out alive. Plus, who wants to arrive to the hereafter in pristine condition wearing a suit and tie?
I want to slide in sideways, worn out, used up, hair a mess, clothes tattered, & screaming, "Whooo! What a ride!"
****************************************